<?php
$name=$_REQUEST['name'];
$password= md5($_REQUEST['password']);
$code= strtolower($_REQUEST['code']);
session_start();
if($code!=$_SESSION['code']){
    exit("<script>alert('验证码错误，点击返回');window.location='login.php'</script>");
}
require_once 'config/config.php';
$conn = new mysqli(HOST, USER, PASSWORD, DATABASE);
if ($conn->connect_errno) {
    die('数据库连接失败：' . $conn->connect_error);
}
$stmt=$conn->prepare('select name from user_list where name=? and password=?');
$stmt->bind_param('ss', $name,$password);
$stmt->execute();
$stmt->bind_result($user);
$stmt->fetch();

if(!$user){
    exit("<script>alert('账户或密码错误,点击返回');window.location='login.php'</script>");
}else{
//    var_dump($user);
    $_SESSION['user'] = $user;
    exit("<script>alert('欢迎登录,点击跳转到后台界面');window.location='index.php'</script>");
}